gnutls - The GNU Transport Layer Security Library

Property Value
Distribution openSUSE Leap 15.0
Repository openSUSE Oss all
Package name gnutls
Package version 3.6.2
Package release lp150.3.2
Package architecture x86_64
Package type rpm
Installed size 2.60 MB
Download size 646.90 KB
Official Mirror
The GnuTLS library provides a secure layer over a reliable transport
layer. Currently the GnuTLS library implements the proposed standards
of the IETF's TLS working group.


Package Version Architecture Repository
gnutls-3.6.2-lp150.4.3.1.x86_64.rpm 3.6.2 x86_64 openSUSE Update Oss
gnutls - - -


Name Value - - -
libgnutls-dane0 = 3.6.2 - - - - - - - -


Name Value
gnutls = 3.6.2-lp150.3.2
gnutls(x86-64) = 3.6.2-lp150.3.2


Type URL
Binary Package gnutls-3.6.2-lp150.3.2.x86_64.rpm
Source Package gnutls-3.6.2-lp150.3.2.src.rpm

Install Howto

Install gnutls rpm package:

# zypper install gnutls




2018-03-29 -
- Simplify the DANE support %ifdef condition
* build with DANE on openSUSE only
2018-03-26 -
- Adjust RPM groups. Drop %if..%endif guards that are idempotent.
2018-03-23 -
- build without DANE support on SLE-15, as it doesn't have unbound
2018-03-23 -
- add back refreshed gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
the dtls-resume test still keeps randomly failing on PPC
2018-03-23 -
- remove gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
patch does not apply any more and apparently the build
suceeds even if the formerly flaky testcase is run (bsc#1086579)
2018-03-15 -
- gnutls.keyring: Nikos key refreshed to be unexpired
2018-03-13 -
- GnuTLS 3.6.2:
* libgnutls: When verifying against a self signed certificate ignore issuer.
That is, ignore issuer when checking the issuer's parameters strength,
resolving issue #347 which caused self signed certificates to be
additionally marked as of insufficient security level.
* libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
MTU calculation now, it correctly accounts for the fixed overhead due to
padding (as 1 byte), while at the same time considers the rest of the
padding as part of data MTU.
* libgnutls: Address issue of loading of all PKCS#11 modules on startup
on systems with a PKCS#11 trust store (as opposed to a file trust store).
Introduced a multi-stage initialization which loads the trust modules, and
other modules are deferred for the first pure PKCS#11 request.
* libgnutls: The SRP authentication will reject any parameters outside
RFC5054. This protects any client from potential MitM due to insecure
parameters. That also brings SRP in par with the RFC7919 changes to
* libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
for SRP authentication.
* libgnutls: Addressed issue in the accelerated code affecting
interoperability with versions of nettle >= 3.4.
* libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
* libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
Vitezslav Cizek).
* srptool: the --create-conf option no longer includes 1024-bit parameters.
* p11tool: Fixed the deletion of objects in batch mode.
- Dropped gnutls-check_aes_keysize.patch as it is included upstream now.
2018-02-22 -
- Use %license (boo#1082318)
2018-02-07 -
- Sanity check key size in SSSE3 AES cipher implementation (bsc#1074303)
* add gnutls-check_aes_keysize.patch
2017-11-01 -
- GnuTLS 3.6.1:
* Fix interoperability issue with openssl when safe renegotiation
was used
* gnutls_x509_crl_sign, gnutls_x509_crt_sign,
gnutls_x509_crq_sign, were modified to sign with a better
algorithm than SHA1. They will now sign with an algorithm that
corresponds to the security level of the signer's key.
* gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign()
accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That
will signal the function to auto-detect an appropriate hash
algorithm to use.
* Remove support for signature algorithms using SHA2-224 in TLS.
TLS 1.3 no longer uses SHA2-224 and it was never a widespread
algorithm in TLS 1.2
* Refuse to use client certificates containing disallowed
algorithms for a session, reverting a change on 3.5.5
* Refuse to resume a session which had a different SNI advertised
That improves RFC6066 support in server side.
* p11tool: Mark all generated objects as sensitive by default.
* p11tool: added options --sign-params and --hash. This allows
testing signature with multiple algorithms, including RSA-PSS.

See Also

Package Description
gnutls-guile-3.6.2-lp150.3.2.x86_64.rpm Guile wrappers for gnutls
go-1.9.4-lp150.1.1.x86_64.rpm A compiled, garbage-collected, concurrent programming language
go-doc-1.9.4-lp150.1.1.x86_64.rpm Go documentation
go-for-it-1.6.3-lp150.1.5.x86_64.rpm A to-do list with built-in productivity timer
go-for-it-lang-1.6.3-lp150.1.5.noarch.rpm Translations for package go-for-it
go-md2man-1.0.6+git20160904.a65d4d2-lp150.2.3.x86_64.rpm Tool to converts markdown into man pages
go-race-1.9.4-lp150.1.1.x86_64.rpm Go runtime race detector
go1.7-1.7.5-lp150.6.1.x86_64.rpm A compiled, garbage-collected, concurrent programming language
go1.7-doc-1.7.5-lp150.6.1.x86_64.rpm Go documentation
go1.7-race-1.7.5-lp150.6.1.x86_64.rpm Go runtime race detector
go1.8-1.8.7-lp150.1.3.x86_64.rpm A compiled, garbage-collected, concurrent programming language
go1.8-doc-1.8.7-lp150.1.3.x86_64.rpm Go documentation
go1.8-race-1.8.7-lp150.1.3.x86_64.rpm Go runtime race detector
go1.9-1.9.4-lp150.1.3.x86_64.rpm A compiled, garbage-collected, concurrent programming language
go1.9-doc-1.9.4-lp150.1.3.x86_64.rpm Go documentation